- /* IPv4 (family inet) filter "Protect-RE": an ordered allow-list of management and service traffic, ending in a logged discard. */
- /* Terms are evaluated top to bottom and the first match wins, so order matters. */
- /* NOTE(review): the filter only takes effect where it is applied; no interface binding is shown here - confirm it is attached as an input filter where intended. */
- /* NOTE(review): only family inet is covered; if IPv6 is enabled, confirm an equivalent inet6 filter exists. */
- firewall {
- family inet {
- filter Protect-RE {
- /* Accepts every protocol and port when the source address is 127.0.0.1; the match is on source address alone. */
- term Permit-Loopback-All {
- from {
- source-address {
- 127.0.0.1/32;
- }
- }
- then accept;
- }
- /* SSH (TCP/22) from the listed management subnets. */
- term Permit-SSH {
- from {
- source-address {
- 10.10.10.0/24;
- 10.10.16.0/24;
- 10.20.10.0/24;
- 10.20.11.0/30;
- 10.34.16.0/23;
- 10.37.16.0/23;
- }
- protocol tcp;
- destination-port 22;
- }
- then accept;
- }
- /* Telnet (TCP/23) from a single host, with log and syslog on every match. */
- /* NOTE(review): Telnet carries credentials in cleartext. 10.20.10.3 is already inside 10.20.10.0/24, which Permit-SSH allows - consider retiring this term and disabling the Telnet service. */
- term Permit-Telnet {
- from {
- source-address {
- 10.20.10.3/32;
- }
- protocol tcp;
- destination-port 23;
- }
- then {
- log;
- syslog;
- accept;
- }
- }
- /* HTTPS (TCP/443) from a subset of the SSH source list (the two 10.10.x.0/24 subnets are not included). */
- term Permit-HTTPS {
- from {
- source-address {
- 10.20.10.0/24;
- 10.20.11.0/30;
- 10.34.16.0/23;
- 10.37.16.0/23;
- }
- protocol tcp;
- destination-port 443;
- }
- then accept;
- }
- /* RADIUS authentication/accounting ports (UDP 1812/1813) from 10.20.11.0/30, matched on destination port. */
- /* NOTE(review): if this device is the RADIUS client, server replies arrive with source-port 1812/1813 and an ephemeral destination port, which this term would not match - confirm the intended direction. */
- term Permit-RADIUS {
- from {
- source-address {
- 10.20.11.0/30;
- }
- protocol udp;
- destination-port [ 1812 1813 ];
- }
- then accept;
- }
- /* SNMP (UDP 161 and 162) from 10.20.10.0/30. */
- /* NOTE(review): 162 is the trap port, normally listened on by the manager rather than the agent - confirm inbound 162 is needed. SNMP version/authentication is not visible here. */
- term Permit-SNMP {
- from {
- source-address {
- 10.20.10.0/30;
- }
- protocol udp;
- destination-port [ 161 162 ];
- }
- then accept;
- }
- /* NTP (UDP/123) from an internal range and from 132.163.96.0/30, the only non-RFC1918 source in this filter. */
- /* NOTE(review): confirm the external range is still the intended time source and whether NTP authentication is configured. */
- term Permit-NTP {
- from {
- source-address {
- 10.20.11.0/30;
- 132.163.96.0/30;
- }
- protocol udp;
- destination-port 123;
- }
- then accept;
- }
- /* DNS over UDP/53 from 10.20.11.0/30, matched on destination port; TCP/53 is not permitted by any term. */
- /* NOTE(review): replies to this device's own DNS queries carry source-port 53, not destination-port 53, so they would fall through to Default-Deny - confirm the intended direction. */
- term Permit-DNS {
- from {
- source-address {
- 10.20.11.0/30;
- }
- protocol udp;
- destination-port 53;
- }
- then accept;
- }
- /* ICMP echo-request and echo-reply only, from the same source list as Permit-SSH. */
- /* Every other ICMP type (e.g. unreachable, time-exceeded) is not matched here and reaches Default-Deny. */
- term Permit-ICMP-Ping {
- from {
- source-address {
- 10.10.10.0/24;
- 10.10.16.0/24;
- 10.20.10.0/24;
- 10.20.11.0/30;
- 10.34.16.0/23;
- 10.37.16.0/23;
- }
- protocol icmp;
- icmp-type [ echo-reply echo-request ];
- }
- then accept;
- }
- /* Inbound syslog (UDP/514) from two hosts. */
- /* NOTE(review): if this device only sends syslog to those hosts, an inbound permit is not required - confirm. */
- term Permit-Syslog {
- from {
- source-address {
- 10.20.10.4/32;
- 10.20.10.9/32;
- }
- protocol udp;
- destination-port 514;
- }
- then accept;
- }
- /* Catch-all: no "from" clause, so everything not accepted above is counted, logged, sent to syslog and silently discarded. */
- /* NOTE(review): no term above permits routing protocols or return traffic for sessions this device initiates; if either is in use, that traffic is dropped here - confirm this is intended. */
- /* NOTE(review): log and syslog fire per matching packet with no rate limit visible in this filter; confirm the logging volume is acceptable under a flood. */
- term Default-Deny {
- then {
- count DEFAULT-DENY-COUNTER;
- log;
- syslog;
- discard;
- }
- }
- }
- }
- }